On Wed, 2003-10-29 at 21:50, Tarmo Lehtpuu wrote:
>
> I'm having problems properly closing all ports (I don't want a
> "stealthy" firewall).

"Stealthy" is a myth, but we will not start that flame war. ;-)

> When doing a portscan with nmap the following ports show up
> as being filtered:
> 1:13, 135:139, 445, 1080, 444 (tcp)

I've run into this myself. Make sure you have:

CONFIG_IP_NF_TARGET_REJECT

enabled within the kernel. You might also wish to sniff outside the firewall (right on the nmap system is OK) to ensure that you are actually sending back TCP resets.

> -A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
> -A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
> -A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT

As a side note, the above lines are not needed as you are accepting back "RELATED" traffic. The above lines will let in _all_ type 0's, 3's & 11's, even bogus ones. The RELATED specification will only let in legitimate ICMP errors, so you are better off removing these lines.

HTH,
C
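The two points in the reply above (answer unwanted packets with REJECT so nmap sees "closed" rather than "filtered", and let conntrack's RELATED state admit ICMP errors instead of accepting ICMP types 0, 3 and 11 outright) put together as one ruleset. This is an added example, not code from the thread or from either poster; the interface name eth0, the single allowed service on tcp/22 and the placeholder FIREWALL_IP are assumptions. By default the script only prints the rules; run it as root with the argument "apply" to load them.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal INPUT ruleset that
# answers unwanted TCP with RSTs and unwanted UDP with ICMP port-unreachable,
# so a scanner reports "closed" instead of "filtered", and that relies on the
# conntrack RELATED state to admit ICMP errors rather than on blanket accepts
# for ICMP types 0, 3 and 11. Interface, allowed port and FIREWALL_IP are
# assumptions, not facts from the post.

WAN_IF="${WAN_IF:-eth0}"        # assumed external interface
ALLOW_TCP="${ALLOW_TCP:-22}"    # assumed service to keep reachable

# Emit the ruleset as iptables commands, one per line, so it can be reviewed
# (default) or piped to sh as root ("apply"). ESTABLISHED,RELATED is what
# lets genuine ICMP errors (type 3, type 11) and echo replies back in.
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $WAN_IF -m state --state INVALID -j DROP
iptables -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --syn --dport $ALLOW_TCP -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $WAN_IF -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -i $WAN_IF -j REJECT --reject-with icmp-proto-unreachable
EOF
}

# REJECT only works if the kernel has the target (CONFIG_IP_NF_TARGET_REJECT,
# module ipt_REJECT); otherwise the REJECT rules fail to load and the DROP
# policy silently takes over, which is exactly the "filtered" symptom.
kernel_has_reject() {
    { [ -r /proc/config.gz ] && zcat /proc/config.gz | grep -q '^CONFIG_IP_NF_TARGET_REJECT='; } \
        || modprobe -n ipt_REJECT 2>/dev/null
}

# Sanity checks on the generated ruleset: the TCP fall-through sends a RST,
# and no rule admits ICMP by type alone.
rules_send_tcp_reset() {
    build_rules | grep -q -- '-p tcp -j REJECT --reject-with tcp-reset'
}
rules_have_blanket_icmp_accept() {
    build_rules | grep -q -- '--icmp-type'
}

# Command to run on the scanning host while nmap runs, to confirm that RSTs
# and ICMP unreachables actually come back (FIREWALL_IP is a placeholder).
sniff_command() {
    echo "tcpdump -ni $WAN_IF 'host FIREWALL_IP and (tcp[tcpflags] & tcp-rst != 0 or icmp)'"
}

case "${1:-print}" in
    apply)
        kernel_has_reject || echo "warning: REJECT target not found in this kernel" >&2
        build_rules | sh ;;                       # run as root
    *)
        build_rules
        echo "# on the scanner, while nmap runs: $(sniff_command)" ;;
esac
```

With this ruleset a SYN to a port other than 22 gets a RST (nmap: closed), a UDP probe gets ICMP port-unreachable (nmap: closed), and an ICMP type 3 or 11 that does not match a connection this host originated is not RELATED and is rejected rather than accepted.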